optionally set int.forward=1 via sysctl

pillar.example

@@ -20,3 +20,9 @@ wireguard:
         allowed_ips:
           - 10.0.0.3/32
           - 'fdff::3/128'
+
+  # optionally, a list of interfaces can be specified for which forwarding will
+  # be set to 1 via sysctl.present
+  set_forward_interfaces:
+    - all
+    - wgtest

wireguard/init.sls

@@ -33,3 +33,12 @@ wireguard_{{ interface }}_peer_{{ peer.get('peer') }}:
 {% endif %}
 {% endfor %}
 {% endfor %}
+
+{% for interface in salt['pillar.get']('wireguard:set_forward_interfaces', []) %}
+net.ipv4.conf.{{interface}}.forwarding:
+  sysctl.present:
+    - value: 1
+net.ipv6.conf.{{interface}}.forwarding:
+  sysctl.present:
+    - value: 1
+{% endfor %}